In a nutshell, deep packet inspection is a type of data
processing that looks in detail at the contents of the data being
sent, and re-routes it accordingly. It can be used for perfectly
innocuous reasons, like making sure that a feed of data is
supplying content in the right format, or is free of viruses. Or it
can be used for more nefarious motives, like eavesdropping and
censorship. Between those two extremes is a grey area of datamining
and privacy violation, and it's these aspects that are raising
hackles in some parts of the web.

But let's step back for a moment, and look at what the term
actually means. Computers collect information that you send and
receive into "packets", which have a label on them (called a
"header") that describes what they are, who they're from and where
they're going, just like a letter flowing through a postal network.

Those flow through global data networks and, generally, get to
where they're going. The reason that networks tend to operate like
this is that it's more efficient and reliable to check an entire
packet for errors in one go (and, very occasionally, request an
error-ridden packet be re-sent) than to check every single
character individually. Nasa uses this sort of system to transmit data through deep
space.

In most cases, the contents of the packets go unmonitored. But
when a network provider engages in deep packet inspection, it does
the equivalent of opening up letters in a postal depot, and reading
the contents. Software is used to scan the contents of each packet
(and sometimes log it), and then a packet can be re-routed (or
dumped entirely) if it meets certain criteria. Those criteria, as
previously mentioned, could be the presence of a virus, or just
prioritisation of certain types of traffic that are extremely
bandwidth-dependent, like YouTube, Netflix or Skype, over traffic
that just needs to arrive eventually, like web browsing or
application data.
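The difference between reading the header and reading the contents, as an added example (not part of the original article): `shallow_inspect` reads only the IP/TCP "envelope", while `deep_inspect` also opens the payload and pulls out a cleartext HTTP Host header. The addresses, the `video.example` host, the function names and both sample packets are constructed for illustration.

```python
import socket
import struct

def build_packet(src, dst, sport, dport, dscp, payload):
    """Build a minimal IPv4+TCP packet (constructed sample, checksums left at 0)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x18, 65535, 0, 0)
    total = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, dscp << 2, total, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp + payload

def shallow_inspect(packet):
    """Header-only inspection: who it is from, where it is going, what it is."""
    ver_ihl, tos = struct.unpack("!BB", packet[:2])
    ihl = (ver_ihl & 0x0F) * 4                      # IP header length in bytes
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    data_offset = (packet[ihl + 12] >> 4) * 4       # TCP header length in bytes
    return {"src": socket.inet_ntoa(packet[12:16]),
            "dst": socket.inet_ntoa(packet[16:20]),
            "proto": packet[9], "sport": sport, "dport": dport,
            "dscp": tos >> 2,                       # priority marking in the header
            "payload_at": ihl + data_offset}

def deep_inspect(packet):
    """Deep inspection: also read the payload, here the HTTP Host header."""
    meta = shallow_inspect(packet)
    payload = packet[meta["payload_at"]:]
    meta["host"] = None
    for line in payload.split(b"\r\n"):
        if line.lower().startswith(b"host:"):
            meta["host"] = line.split(b":", 1)[1].strip().decode("ascii", "replace")
    return meta

# Constructed samples: a cleartext web request, and opaque bytes standing in
# for a payload the inspector cannot read (for example, an encrypted one).
SAMPLE = build_packet("192.0.2.10", "198.51.100.7", 49152, 80, 0,
                      b"GET /watch HTTP/1.1\r\nHost: video.example\r\n\r\n")
OPAQUE = build_packet("192.0.2.10", "198.51.100.7", 49152, 443, 0,
                      bytes(range(200, 240)))

if __name__ == "__main__":
    print(shallow_inspect(SAMPLE))          # addresses, ports, DSCP only
    print(deep_inspect(SAMPLE)["host"])     # site name read from the contents
    print(deep_inspect(OPAQUE)["host"])     # nothing recoverable from opaque bytes
```
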

On the other hand, the data gleaned from deep packet inspection
can be used for darker purposes. ISPs in China use deep packet
inspection for censorship -- scanning for certain keywords and
blocking access to particular websites. Back in 2008, a US company
called Phorm attempted to launch an ad-targeting system in the UK
which would intercept users' web surfing habits and datamine them
for information to sell to advertisers.

It caused a storm of controversy, eventually culminating in the
European Commission beginning legal action against the British government for
permitting the service to operate. The case was only closed again
in January 2012, after the UK amended its laws to include a
sanction on unlawful interception of communications.

Many ISPs also use the technology to lower the priority of
traffic from filesharing networks at peak times (known as traffic
shaping), and the creative industries have called for it to be used
as a weapon in their crusade against filesharing, using the same filters currently used to block child pornography to stop
consumers watching questionably-obtained TV shows.

There are two major issues with deep packet inspection, however.
The first is that it might not be legal, and the second is that
it's trivial to circumvent.

The Regulation
of Investigatory Powers Act 2000 (which is the act that was
amended following the European Commission's legal action) clearly
states that the interception of telecommunications is an offence if
transmissions are monitored "as to make some or all of the
contents of the communication available, while being transmitted,
to a person other than the sender or intended recipient of the
communication". Given that the uniqueness of the information
gathered through deep packet inspection is enough to build up a
profile of usage data, one could argue that this constitutes "interception" and is
therefore a criminal offence. However, the language in the act is
broad and so far, there's little precedent on either
side.

As for the second problem, there are hundreds of services
on the web offering encryption for your communications. It's far
harder for deep packet inspection systems to dig into secured
communications, so if you can create a secure "tunnel" between your
computer and a server outside your ISP's network (known as a VPN, in this case), then any data that you send through will be
much more difficult (read: not really worth the hassle, unless
you're doing something seriously illegal) for your ISP to
access.

Ultimately, there are both perfectly legitimate and very
troublesome applications of deep packet inspection technology. It
makes your Skype calls and YouTube videos play smoothly, and stops
your grandparents getting a virus on their laptop, but it can also
be used by ISPs selling your data to advertising companies or to
block you from accessing certain, politically-troublesome,
websites.

In Europe, it seems that the political groundswell is
against the broad use of deep packet inspection for anything other
than network efficiency. In July 2011, Neelie
Kroes, the vice-president of the European Commission, was asked whether using deep packet inspection technology is
a violation of several fundamental human rights, applicable
European data protection and privacy rules.

Her response referenced the Phorm fiasco: "The use of any
technology such as deep packet inspection technology to support
specific business models need to comply with the EU rules on
confidentiality of electronic communications."

Edited by Olivia Solon

Comments

"Ultimately, there are both perfectly legitimate and very troublesome applications of deep packet inspection technology. It makes your Skype calls and YouTube videos play smoothly, and stops your grandparents getting a virus on their laptop..."

Excuse me?

Can someone explain to me how opening up TCP/IP packets on the fly and examining the contents can make YouTube and Skype play more smoothly?

OK you might catch a virus providing the entire thing fits in a single packet and isn't split up over several, which is pretty much what TCP/IP does with data streams.

But even that's a stretch as really you need to intercept the entire stream from start to finish, reassemble it and examine the result to accurately spot malware, and even then it depends on how good a scanner you have.

So I don't see anyone's grandparents ditching their antivirus package any time soon because the ISP has deep packet inspection installed.

But I'm prepared to be convinced of these beneficial uses of DPI, please educate me.

cloudstarer

May 2nd 2012
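The point made in the comment above, that a signature split across several packets is only visible once the stream is reassembled, as an added example (not part of the original comment or article). The signature, sequence numbers and segments are constructed, the function names are this example's own, and sequence-number wraparound is ignored.

```python
SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE"   # constructed, harmless marker

def per_packet_match(segments, signature=SIGNATURE):
    """Scan each segment payload on its own, as a stateless filter would."""
    return any(signature in payload for _seq, payload in segments)

def reassemble(segments):
    """Rebuild the byte stream from (seq, payload) pairs.

    Tolerates out-of-order arrival, retransmitted duplicates and overlaps
    (bytes already accepted are kept). Stops at the first gap, because
    data after a hole is not yet contiguous.
    """
    stream = bytearray()
    next_seq = None
    for seq, payload in sorted(segments):
        if next_seq is None:
            next_seq = seq                  # first byte of the stream
        if seq > next_seq:
            break                           # missing segment: stop here
        skip = next_seq - seq               # bytes we already have
        if skip < len(payload):
            stream += payload[skip:]
            next_seq += len(payload) - skip
    return bytes(stream)

def stream_match(segments, signature=SIGNATURE):
    """Scan the reassembled stream, as a stateful inspector would."""
    return signature in reassemble(segments)

# Constructed sample: 40 bytes sent as three segments, arriving out of
# order with one retransmission. The signature straddles all three.
DATA = b"prefix:" + SIGNATURE + b":suffix"
SEGMENTS = [(1015, DATA[15:30]), (1000, DATA[:15]),
            (1030, DATA[30:]), (1015, DATA[15:30])]

if __name__ == "__main__":
    print("per-packet scan:", per_packet_match(SEGMENTS))
    print("reassembled scan:", stream_match(SEGMENTS))
```
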

@CloudStarer The reason why ISPs examining packets "on the fly" makes videos play more smoothly is that once ISPs identify what is contained within a packet then they can prioritise the re-routing of bandwidth-dependent traffic (like streaming videos).

GoldenGatsby

May 2nd 2012

In reply to GoldenGatsby

@GoldenGatsby - The routing information and the packet type is encoded in the TCP/IP portion of the message and not the actual payload data which may contain anything and may even be encrypted, there is no need to open the packet and look at the message to determine if it is a video stream the transmission protocol has all the information necessary to route and prioritise the packet. It's like sending a letter through the post, the information on the envelope tells you all you need to know about where to send it and at what priority, you don't need to open the envelope to find these things out. Similarly there's a whole host of information wrapped up in the TCP/IP specification that give you different options for prioritisation and routing, you don't need to look at the contents of the message to work out what to do with it, which is what DPI does.

cloudstarer

May 2nd 2012

sir.. can we see the simulation results of "deep packet inspection" using different tools like NS-2 or any other???

prashant

Jul 28th 2012
